by pid-1 1210 days ago
> The problem is that Windows 11 and above (try very hard to) require a Microsoft account, because these orcas of computing want to remind you with every step that you don't own the device you bought. Hence it's simpler/better to just virtualize everything.

During the pandemic, a key security component of our remote work architecture was to use Azure AD Conditional Access to restrict users to logging in to M365 apps from AD-joined laptops + some Intune compliance rules.

A weird situation was that, for a new laptop, we could not log in using a domain account, as it was not joined to our domain. We also could not create a local account to join it. Not sure how IT solved that.

1 comment

Windows 11 allows for the creation of local accounts. It sounds like someone signed in with an Azure AD account (work email). Joining Azure AD basically drops a lot of default policies on the machine; one of those is disabling local admin.

They can either remove that policy from their Azure AD, or remove the machine from Azure AD.

Or update their policies to allow for Azure AD-joined machines.